Lucene search
K

2736 matches found

Nuclei
Nuclei
added 16 hours ago189 views

Adobe Coldfusion - Authentication Bypass

Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints...

7.5CVSS7.3AI score0.10072EPSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-48315

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

9.3CVSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-48277

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-48283

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-48281

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-48282

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-48315

Summary: CVE-2026-48315 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is described as an Improper Input Validation vulnerability that could lead to arbitrary code execution in the context of the current user. An attacker could inject malicious scripts into a web page, potentially ga...

9.3CVSS6.4AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday27 views

CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

10CVSS6.4AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-48313

The CVE-2026-48313 issue affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability that could lead to arbitrary file system read and limited write access, allowing an attacker to access sensi...

9.3CVSS5.9AI score
Exploits0References1Affected Software1
CVE
CVE
added yesterday8 views

CVE-2026-48285

CVE-2026-48285 affects ColdFusion versions 2025.9, 2023.20 and earlier. It describes a Server-Side Request Forgery (SSRF) that can bypass security features and grant unauthorized read access without user interaction. The Bug’s scope is reported as changed, and the CVSS v3.1 base score is 8.6 (HIG...

8.6CVSS5.8AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-48307

CVE-2026-48307 affects ColdFusion versions 2025.9, 2023.20 and earlier and is a reflected Cross-Site Scripting vulnerability (CWE-79). An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. Exploitation require...

8.8CVSS6.4AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday24 views

CVE-2026-48307 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-48314

CVE-2026-48314 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) that could bypass security features, allowing an attacker to gain limited read and write access to files or directories outside the ...

6.5CVSS5.8AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS
Exploits0References1
Rows per page
Query Builder